nanog mailing list archives
Re: Dutch ISPs to collaborate and take responsibility
From: "Michael Painter" <tvhawaii () shaka com>
Date: Fri, 9 Oct 2009 17:26:30 -1000
Lee wrote:
If an ISP is involved with tracking down DDOS participants or something, I can understand how they'd know a system was compromised. But any kind of blocking because the ISP sees 'anomalous' traffic seems .. premature at best. SANS newsbites has this bit: On Thursday, October 8, Comcast began testing a service that alerts its broadband subscribers with pop-ups if their computers appear to be infected with malware. Among the indicative behaviors that trigger alerts are spikes in overnight traffic, suggesting the machine has been compromised and is being used to send spam. When my son comes home from college, there's a huge spike in overnight traffic from my house. With all the people advocating immediate blocking of pwned systems in this thread, I'm wondering what their criteria is for deciding that the system is compromised & should be blocked. Lee
Some info. here (from http://networkmanagement.comcast.net/ ): 5. Detection of Botshttp://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 http://tools.ietf.org/html/draft-livingood-web-notification-00
Current thread:
- Re: Up Next: Quarantine Phishing (Was: Dutch ISPs to collaborate and take responsibility for bottedclients), (continued)
- Re: Up Next: Quarantine Phishing (Was: Dutch ISPs to collaborate and take responsibility for bottedclients) Sean Donelan (Oct 07)
- Re: Dutch ISPs to collaborate and take responsibility for bottedclients Barry Shein (Oct 06)
- Re: Dutch ISPs to collaborate and take responsibility for bottedclients Peter Beckman (Oct 08)
- Re: Dutch ISPs to collaborate and take responsibility Joe Greco (Oct 06)
- Re: Dutch ISPs to collaborate and take responsibility Alexander Harrowell (Oct 07)
- Re: Dutch ISPs to collaborate and take responsibility Dave Temkin (Oct 07)
- Re: Dutch ISPs to collaborate and take responsibility Owen DeLong (Oct 07)
- Re: Dutch ISPs to collaborate and take responsibility Joe Greco (Oct 07)
- Re: Dutch ISPs to collaborate and take responsibility Rich Kulawiec (Oct 09)
- Re: Dutch ISPs to collaborate and take responsibility Lee (Oct 09)
- Re: Dutch ISPs to collaborate and take responsibility Michael Painter (Oct 09)
- Re: Dutch ISPs to collaborate and take responsibility for bottedclients Nils Kolstein (Oct 05)
- Re: Dutch ISPs to collaborate and take responsibility for bottedclients Rich Kulawiec (Oct 05)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Peter Beckman (Oct 04)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Christopher Morrow (Oct 04)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Gadi Evron (Oct 04)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Justin Shore (Oct 05)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Leigh Porter (Oct 05)
- Re: Dutch ISPs to collaborate and take responsibility for botted clients Nathan Ward (Oct 05)
- RE: Dutch ISPs to collaborate and take responsibility for botted clients Lee Howard (Oct 05)